°==============================================================°
-= =-
-= Hackito Ergo Sum 2012 - HES2012 Final CFP =-
-= =-
-= ** http://2012.hackitoergosum.org ** =-
-= =-
-= 12-14 April 2012 / Paris / France =-
-= =-
°==============================================================°
Kak dela Komrad,
--[ Synopsis:
This is the final call for papers for the HES 2012 Conference.
Hackito Ergo Sum 2012 will take place in Paris from the
12th to the 14th of April 2012.
--[ Venue:
HES 2012 will take place in the building of the French Communist Party.
This is an amazing historical building, located in Paris (19th arrondissement).
We would like to thank the French Communist Party to allow a bunch of hackers
to take possession of this greate piece of architecture for 3 days.
The exact address is:
Espace Oscar Niemeyer - Siege du Parti Communiste
2 Place Colonel Fabien, 75019 Paris, France
A map is avaiable here:
http://tinyurl.com/6mlarx6
--[ What is HES ? Why would I like it anyway ?
HES is a 100% hardcore technical security conference. HES is
unique by its continuous outstanding technical quality, but also
by its unusual freedom and spirit. HES is a 100% non profit conference,
mainly supported by the /tmp/lab Parisian hackerspace and generous
sponsors (who in exchange for their sponsoring, don't get their say
on any of the organisation, format or content of the conference :).
If you are unsure of wether you'll like it, feel free to have a look
at the content of previous editions. Talks included topics such as
SS7 phone networks hacking, satellites take overs via x25, kernel land
exploits against grsecurity hardened kernels, or the pwnie awards
winner Tarjei Mandt for his first presentation on this topic (note
to Dave Aitel: yeah man, face it, it was first seen at HES !!) and
many more.
Presentations on new R&D projects are the core of the conference.
By R&D and security, HES really means new offensive R&D security.
Researchers from all around the internet are welcome to come to
Paris and talk, without discrimination whatsoever : everyone is
equal in front of a computer. Maybe skills appart that is ;)
HES is also an open big party, by the hacking community and for the
hacking community, with people coming literally from around the world.
If you'd like to not only come, but be part of HES by organising a
workshop (lockpickers and organisers of a social engineering contest
wanted !) or contest : please do and refer the relevant section below.
--[ Quality:
The quality of submitions is so critical to the Hackito Ergo Sum
conference that papers will be reviewed by the scary HES Programming
Comitee of death. It wasn't made to dissuade you from submitting,
but to ensure that the talks selected for HES will be as interresting
and new as possible.
Submitions should be original and as fresh as in "never seen anywhere
before". Massive upgrades and significant new research added to
talks previously presented at a few great conferences may make it.
Talks given more than 3 times will be rejected.
Intense debates often spread inside the Programming Comitee on wether
a given topic is of interrest or new at all. Consensus as been reached
though regarding a few security buzz words. In order to avoid bullshit
talks, topics on Social Engineering and SCADA will only be considered
if demos are provided, and if themagnitude of the attack would at least
affect affect a significant portion of say, a city. Old well documented
techniques such as web applications (especially XSS, CSRF and clickjacking)
but also basic exploitation techniques (or easy targets lacking modern
security protections) are discouraged. To the opposite, hacking non
understood and poorly documented technologies including for instance hardware,
protocols, architectures, devices, networks, or applications among
others are warmly welcome.
In a nutshell, submitions on how to achieve world domination in 2012
and how to eventually avoid it are of primary importance. How to survive and
facilitate privacy in an incrinsingly policed internet are also a concerned.
--[ Disclosure policy:
It is worth noticing that we do not enforce any disclosure policy on
our speakers. We believe they are responsible adults and can chose
what they believe is the best way to present their work to others
by themselves. We also belive they are smart enough to take into
consideration any legal and professional constraints.
--[ Submitting:
We are glad you are reading this section and are therefore thinking about
submitting to HES.
Before submitting, we gently recommand you to have a look at the presentations
submitted in 2010 and 2011. It would give you an idea wether your talk may make
it to HES.
We are accepting submissions in English only.
The format will be of 45 mins presentation + 10 mins Q&A.
Please note that talks with content will judged commercial or non vendor neutral
will be rejected and/or interrupted on stage.
For this conference, preference will be given to offensive, innovative and
highly technical proposals covering (but not restricted to) the topics below:
[*] Attacking Software
* Attacking the Internet Of Things
* Automating vulnerability discovery
* Weaponization and underworld/government exploit market intelligence
* Non-x86, MIPS, ARM and x64 specific exploitation techniques
* Smarter and Dumber fuzzing for binary only vulnerability hunt
* Static and Dynamic binary or source-based analysis
* Hacking mobile: defeating iOS and Android security
* Kernel land exploits
* New advances in Attack frameworks and automation
* Virtual Machines and Virtual Infrastructures evasion
* Governmentalization of hacking projection force
[*] Attacking Infrastructures
* Bank & insurance: Swift and national electronic fund transfer technologies
* Telecom attacks
* Vulnerability scanning in new networks environments.
* Living in a post-Duqu, post-Stuxnet world
* Circumventing Governmental firewalls
* Lawful interception and DPI: evasion, exploitation, detection
* Military & Intelligence data collection backbones
* Post monitoring techniques: Passive network attack
* GAN attacks
* Who's the less secure: GPS or Galileo, show how
[*] Attacking Hardware
* Drone hacking: Tic-Tac-Toe in the sky with Reaper and Raptor
* Robots MCU infection: STDs for Petman and Bigdog?
* Attacking Wireless Sensors and their underlying networks.
* Hardware reverse engineering (and exploitation + backdooring)
* LTE mobile phone attack
* eNode-B hacking
* Hacking UEFI & Secure Boot
* Gnu Radio hacking applied to new domains
* RFID exploitation
* Hacking radio protocols, specifications and implementations
[*] Attacking Crypto
* Identity Based Encryption attacks
* Quantum-based attacks of asymetric crypto
* Linear/differential cryptanalysis of contemporary ciphers
* Crypto Algorithm strength modeling and evaluation metrics
* Crypto where you wouldn't think there is
* Weak crypto in common radio links: from heartbeat links to microwave backhaul
We highly encourage topics entirely new and discuptive.
--[ Submissions:
[*] Required information:
Submitions must contain the following information:
* Speakers name or alias
* Biography
* Presentation Title
* Description
* Needs: Internet? Others?
* Company (name) or Independent?
* Address
* Phone
* Email
* Demo (Y/N)
We highly encourage and will favor presentations with demos.
Specify if submission contains any of the following information:
* Tool
* Slides
* Whitepaper
[*] How to submit:
Submit your presentation and materials by sending a mail at:
hes-cfp@hackitoergosum.org
--[ Wargame:
As in all the previous editions of HES, Steven from the Over The Wire
community will charm and delight us with a wargame in the Russian
Mob thema. You will have to face one of the most active cyber mafia in the world.
Otlichno! We'd like to thank Steven for his amazing job at untertaining
us with both intellectually challenging and phun wargames.
Stevens wargames are always very creative, and have a reputation to be both
terribly exciting and technically challenging.
--[ Workshops:
If you want to organize a workshop or any other activity during the conference,
you are most welcome. Please contact us at:
hes-orga@lists.hackitoergosum.org
We'd like to see lockpicking, Social Engineering , phone moding, demo making,
DIY eletronics workshops among others.
--[ Dates:
2012-02-13 Final Call for Paper
2012-03-01 Submission Deadline
2012-03-05 Acceptance notification
2012-03-05 Program announcement
2012-04-12 Start of conference
2012-04-14 End of conference
--[ Program Committe:
The submissions will be reviewed by the following program committee:
* Tavis Ormandy (Google) @taviso
* Matthew Conover @symcmatt
* Jason Martin (SDNA Consulting, Shakacon)
* Stephen Ridley @s7ephen
* Mark Dowd (AzimuthSecurity) @mdowd
* Tiago Assumpcao (RIM)
* Alex Rice (Facebook) facebook.com/rice
* Pedram Amini @pedramamini
* Erik Cabetas (Include Security)
* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
* Alexander Sotirov @alexsotirov
* Barnaby Jack (McAfee) @barnaby_jack
* Charlie Miller (Accuvant) @0xcharlie
* David Litchfield (Accuvant) @dlitchfield
* Lurene Grenier (Harris) @pusscat
* Alex Ionescu @aionescu
* Nico Waisman (Immunity) @nicowaisman
* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis
* Jonathan Brossard (Toucan System, /tmp/lab) @endrazine
* Matthieu Suiche (MoonSols) @msuiche
* Piotr Bania @piotrbania
* Laurent Gaffie @laurentgaffie
* Julien Tinnes (Google)
* Brad Spengler (aka spender) (Grsecurity)
* Silvio Cesare (Deakin University) @silviocesare
* Carlos Sarraute (Core security)
* Cesar Cerrudo (IOActive) @cesarcer
* Daniel Hodson (aka mercy) (Ruxcon)
* Nicolas Ruff (E.A.D.S) @newsoft
* Julien Vanegue (Microsoft Security, Redmond) @jvanegue
* Itzik Kotler (aka izik) @itzikkotler
* Rodrigo Branco (aka BSDeamon) (Qualys) @bsdaemon
* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck
* Ilja Van Sprundel (IOActive)
* Raoul Chiesa (TSTF)
* Dhillon Andrew Kannabhiran (HITB) @hackinthebox
* Philip Petterson (aka Rebel)
* The Grugq (COSEINC) @thegrugq
* Emmanuel Gadaix (TSTF) @gadaix
* Kugg (/tmp/lab)
* Harald Welte (gnumonks.org) @LaF0rge
* Van Hauser (THC)
* Fyodor Yarochkin (Armorize) @fygrave
* Gamma (THC, Teso)
* Pipacs (Linux Kernel Page Exec Protection)
* Shyama Rose @shazzzam
Note: Hackito Ergo Sum would like to thank all those great researchers
for their unvaluable help in detecting the good ideas and potential
great talks in the HES submissions.
--[ Fees:
We would like to remind you that, we are not a company, we are 100%
benevolant. Whatever you pay is going either to reimbourse plane tickets
to international speakers, boose, or renting the spot.
We try to keep the tickets as cheap as possible to ensure a venue
to the greater possible number of budgets. Security Professionals
pay more, unless they can prove they participated to the community
by publishing or releasing an exploit in 2011-2012. In this later case,
we give them a serious discount to reward their work and spirit.
Here is the list of prices for HES 2012:
* Public entrance for security professionals (3 days): 150 EUR
* Public entrance for non security professionals (3 days) 100 EUR
* Discount for Students below 26 (3 days) 50 EUR
* Discount for CVE publisher or exploit publisher in 2011-2012 (3 days) 50 EUR
* One-day pass 50 EUR
* Volunteers (Must register, see below) (3 days) 0 EUR
This year, we introduce a special Corporate ticket (which is clearly
a way to directly sponsor HES) which may (or may not!) entitle you to
special privileges such as sharing drinks with speakers:
* Corporate ticket: 300 euros.
--[ Book your ticket:
Seats are limited. We recommend you secure yours as early as possible.
You can book online here: http://www.amiando.com/SEQSYLV.html
Remaining tickets will be sold directly at the doors, on the day of the conference.
--[ Trainings
There will be no trainings in 2012. We hope to be able to offer trainings
in 2013. Thanks for those who submitted training offers this year : we got
amazing proposals.
--[ Sponsors:
We are still looking for sponsors. Entrance fees and sponsors fees are used to
fund international speakers travel costs and hosting facility. Please ask for
the HES2012 Sponsor Kit at hes-orga __AT__ lists.hackitoergosum.org.
--[ Volunteers:
Volunteers who sign up before 2012-03-05 get free access and will need to be
present onsite two days before (2012-04-09) if no further arrangement is made
with the organization.
--[ Journalists:
In an attempt to educate the media and increase their actual competence when
discussing subjects such as hacking and information security, journalists are welcome.
But journalists are also required to comply with some simple rules to ensure
the mutual respect among adults we aim to bring in hackito. In particular,
filming or taking pictures of attendees without their _prior_ agreement is totally
prohibited. "We shall respect privacy and people" is the only motto. We do
respect and encourage freedom of press, but in return, journalists are entiteled
to follow the #1 rule of hacking : the right to anonymity and privacy. Hackers
have the right to come to HES without being filmed, pictured, or otherwise monitored
in this environment. This may sound as a surprise to you, but as citizens of the
internet, we believe we have more rights than maybe your government is granting you.
Comply or leave : our rights has hackers are not negociable in our own conference. Period.
--[ Parties:
The HES crew is teaming up with The Grugq to offer you an orgy of hacking,
alcohol, sweet locations and great people. Get your liver ready, it's
gonna rock !!
--[ Greetz:
We would like to thank the HES2011 crew, its reviewing committee and all the
volunteers for their time and dedication in making this event a success.
Thumbs up to the /tmp/lab hackerspace for their support and the final HES
party which was a tremendous success.
We would also like to greet all the speakers of last year's edition for the
quality of their presentation and the great time we shared in Paris : you are
most welcome back in Paris for the 2012 edition.
Likewise, we'd like to thank last year's sponsors for their unconditional
support. Feel free to support us again for this 2012 edition.
Finally, we would like to thank all the people who came and participated
in the two previous editions : the conference is the people.
See you all in April 2012 !
--[ F*ck off:
As security experts and citizens of the internet, we do oppose liberticide
laws from day 1. We do oppose ACTA, SOPA, Hadopi, Lopsi2, internet sensorship
of any kind (even against pedophiles, terrorists and other scapegoats) and
we remain strong advocates of net neutrality.
--[ Contact:
hes-orga __AT__ lists.hackitoergosum.org
Please submit via hes-cfp __AT__ lists.hackitoergosum.org
Hackito Ergo Sum 2012 conference - http://2012.hackitoergosum.org
-- [ Social Media:
Keep in touch with the HES Organization via Facebook, Twitter and Linkedin !
Website: http://2012.hackitoergosum.org
"Hackito Ergo Sum" on Facebook - https://www.facebook.com/pages/Hackito-Ergo-Sum/376978867704
@HackitoErgoSum on Twitter ! - https://twitter.com/HackitoErgoSum
HackitoErgoSum on Linkedin ! - https://www.linkedin.com/groups?gid=2861584
-[EOF]-